If you are using Active Directory Federation and you want to see which users are logging in, when, and to which external service, you can analyze the ADFS server's IIS logs. It is pretty straightforward since it is just IIS.

First, get to your ADFS box, get to the IIS log directory, usually something like "C:\Windows\System32\LogFiles\W3SVC1", and grab those logs.

Now you can write SQL-type queries against your logs. For ADFS logs we don't care about many of the columns. What matters is primarily the username and date, maybe the URI for filtering, and maybe the referrer or the user agent to see what browsers your users are using. To get, say, unique logins per day for a given service, we just need the date, username and URI.

Remember that the date is probably UTC, so you need to use a function to convert it, or leave it as is if you want; how much this matters depends on how accurate you want things to be. Hint: TO_TIMESTAMP(date, time) AS utc-timestamp, TO_LOCALTIME(utc-timestamp) AS local-timestamp

Now, here is the LogParser query:
logparser "SELECT DISTINCT cs-username, date INTO <output .csv path> FROM <log path> WHERE cs-username IS NOT NULL AND cs-uri-query LIKE '%your service%'"

Note the output path and your log path in the statement, and change them to what yours are. Also change the LIKE statement. For example, to query for Microsoft Dynamics CRM Online, I used

LIKE '%dynamicscrm%'

Run that query, then open the .csv you exported to. Format the data as a table, pivot it by user, pivot by date. Get the unique number of days using a date diff, analyze logins per day, logins per user. Tie to Active Directory (using Power Query) to add some dimension attributes like title or department and very quickly you can analyze what users, departments etc are using your service.
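The same DISTINCT username/date extraction can be done directly on the raw W3C files, shown here as an added example that is not part of the original post. The sample log lines, the CONTOSO accounts, the function names and the fixed UTC-8 offset are constructed assumptions; the parser follows the `#Fields:` header, which IIS writes again whenever logging restarts, and skips the `-` username that unauthenticated requests carry.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample in IIS W3C format (not real log data).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username sc-status
2012-11-05 14:02:11 GET /adfs/ls/ wa=wsignin1.0&wtrealm=urn:example:dynamicscrm CONTOSO\\alice 200
2012-11-05 14:02:12 GET /adfs/ls/ wa=wsignin1.0&wtrealm=urn:example:dynamicscrm - 401
2012-11-05 19:40:03 GET /adfs/ls/ wa=wsignin1.0&wtrealm=urn:example:DynamicsCRM contoso\\Alice 200
2012-11-06 02:15:44 GET /adfs/ls/ wa=wsignin1.0&wtrealm=urn:example:dynamicscrm CONTOSO\\bob 200
2012-11-06 15:00:00 GET /adfs/ls/ wa=wsignin1.0&wtrealm=urn:example:otherapp CONTOSO\\carol 200
#Fields: date time cs-username cs-uri-query
2012-11-06 16:30:00 CONTOSO\\carol wa=wsignin1.0&wtrealm=urn:example:dynamicscrm
"""

def parse_w3c(lines):
    """Yield one dict per request, keyed by the most recent #Fields header."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column layout can change mid-file
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):     # skip truncated or corrupt rows
                yield dict(zip(fields, values))

def unique_logins_per_day(lines, service, utc_offset_hours=0):
    """SELECT DISTINCT cs-username, date ... LIKE '%service%', bucketed by local day.
    A fixed offset is an assumption; it ignores daylight-saving changes."""
    local = timezone(timedelta(hours=utc_offset_hours))
    days = defaultdict(set)
    for row in parse_w3c(lines):
        user = row.get("cs-username", "-")
        if user == "-" or service.lower() not in row.get("cs-uri-query", "").lower():
            continue                           # anonymous request or another service
        stamp = datetime.strptime(f"{row['date']} {row['time']}", "%Y-%m-%d %H:%M:%S")
        day = stamp.replace(tzinfo=timezone.utc).astimezone(local).date().isoformat()
        days[day].add(user.lower())            # AD account names are case-insensitive
    return {day: sorted(users) for day, users in sorted(days.items())}

if __name__ == "__main__":
    result = unique_logins_per_day(SAMPLE_LOG.splitlines(), "dynamicscrm", -8)
    for day, users in result.items():
        print(day, len(users), ", ".join(users))
```

With the UTC-8 offset, the 02:15 UTC login on 6 November is counted on 5 November local time, which is the kind of shift the UTC note above is about.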

This past week I went to the PASS Summit 2012 in Seattle (more on that in a later post). But I did something that I haven’t done ever. I went to Seattle without my laptop.

Now, if you have ever been to a tech conference, first off the wifi and network in the hotels are slow because you have thousands of geeks doing the same thing. 3G/4G is slow too, so you are already hampered by that fact.

Next, you are up early, to breakfast/conference sessions all day, usually till 6:30 pm, and you then have conference events every night till 9, 10, 11 whatever, so you aren’t in your hotel much, maybe to sleep, shower, drop your bag off.

I found that I could “get by” without my laptop, but there were things that weren’t easy, and things I couldn’t do easily when I wanted to.

First trial was an email sent to me with a PDF that asked “can you sign this and get it back today”. Ok, let’s see. Download a PDF signing app and do it in iOS. Works. Little hokey to get the file back and copied and back in the email, but works.

Then, a couple of days later, “go here and fill this web form out”.. well, let’s cross our fingers it works in mobile safari or chrome without issue. It was clunky but worked.

I would say the biggest gripe though I had was this: lack of keyboard. Now I know with iPad (and things like Surface with the touch cover) you can get a keyboard, but I don’t have one of those cases for my iPad so I was just winging it with the iPad.

With no keyboard, it is *very* hard to sit down and bang out paragraphs at any fast type of rate. Blog post? Not quickly. It is just a slow down without a physical keyboard to type on. Other things like emails, twitter, web, whatever, work fine with just the iPad. And of course consuming/reading content is great. Just that typing something like this post here, I waited till I was at my desktop at home to write it. I think I would pull my hair out just trying to use the soft keyboard on the iPad.

Overall it got me by like I said, but there are still some gaps, at least for me, in what I need to do that can’t be handled without a laptop or physical keyboard. Maybe next year :)

If you are like me, and live in Google Chrome, you probably use other Google Services. I use Google Drive and Gmail extensively. I would love it if when I searched in the Google Chrome Address Bar Omnibox, that it could search other places.

I have been running Windows 8 since the 2011 BUILD conference, the dev preview, then the consumer preview, then the release preview. So RTM wasn’t much of a jump for me. I have it installed on my BUILD Samsung tablet, as well as on my work laptop.

While I have seen a few things not work, which would be expected, one is WinPcap (packet capture) software, which is an integral part of Wireshark. Turns out it doesn’t really work in Windows 8, at least the installer doesn’t.

What I had to do was run the install in “Windows 7 Compatibility Mode” and it then installed and I could capture traffic.

Day to day we all use many different systems and tools. Windows, Mac, iOS, Android, Twitter, Facebook, PowerShell, Visual Studio, Sublime Text, iTunes, and the list goes on and on. There are so many cool utilities and tools out there, and many people aren’t aware of the majority of them, but at one point or another, they could benefit from using them.

tasklist is a command-line utility built into Windows that you can use to see running processes. As with any utility, run “tasklist /?” to see the options. You can run it with /S and pass in a remote system name, pretty cool. You can also authenticate using /U and /P. You can see many other options as well: Format, Verbose, etc.

You can use this to get the running processes on a remote system. Want an easy way to see who might be remoted (RDP) into a machine?
tasklist /s COMPUTERNAME /v /FI "ImageName eq Explorer.exe"

Pretty cool huh? Just think of the other possibilities. Log the running tasks to a csv and track over time with memory usage. Check remotely for a process running. tasklist should be able to help. And used in conjunction with other tools, you can do a lot of remote admin work.

I’m hoping to highlight more utilities and turn those posts into a series, so stay tuned.

I have a few VMs set up at home. One is Ubuntu. I haven’t been on it for a while. Figured I knew what the password was when I set it up months ago, but for some reason it wasn’t working. So how to change it?

1. Reboot into “recovery mode”

Reboot, hold down shift and the boot menu will come up, choose the option with (recovery) at the end.

2. Mount as root

Once through that, choose the option to mount as root.

3. Reset Password

#passwd username (username is the username you want to reset)

Enter the password twice, and then

#reboot now

Bonus: If you get “Authentication token manipulation error” as I did, you need to remount your file system as read/write at the root prompt.

#mount -rw -o remount /

Bonus 2: Once you actually get into the system, it is probably going to complain about your keyring password not matching. Go to your home folder (make sure you have all folders shown), go to .gnome2/keyrings, delete the files there and reboot.

Overall not that bad, but yeah, don’t lose your passwords. Keep them in a password manager! (I didn’t with this one of course, didn’t keep it in my head either!)